95
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring and Managing IP Interfaces and Services
You must generate an SSH authentication key before you can enable SSH. You need to
generate the key only once. The key must be at least 1024 bytes long. The Switch stores the
key in nonvolatile storage where the key remains even after software reboots. To generate a
1024-byte SSH authentication key, type the following command:
DWS-1008#
crypto generate key ssh 1024
key pair generated
You can verify the key using the following command:
show crypto key ssh
For example:
DWS-1008#
show crypto key ssh
ec:6f:56:7f:d1:fd:c0:28:93:ae:a4:f9:7c:f5:13:04
This command displays the checksum (also called a
fingerprint
) of the public key. When you
initially connect to the Switch with an SSH client, you can compare the SSH key checksum
displayed by the Switch with the one displayed by the client to verify that you really are
connected to the Switch and not another device. Generally, SSH clients remember the
encryption key after the first connection, so you need to check the key only once.
Adding an SSH User
To log in with SSH, a user must supply a valid username and password. To add a username
and password to the local database, use the following command:
set user
username
password
password
Optionally, you also can configure MSS either to locally authenticate the user or to use a
RADIUS server to authenticate the user. Use the following command:
set authentication
admin
{
user-glob
}
method1
[
method2
] [
method3
] [
method4
]
To add administrative user
admin
with password
letmein
, and use RADIUS server group
sg1
to authenticate the user, type the following commands:
DWS-1008#
set user admin password letmein
success: User admin created
DWS-1008#
set authentication admin admin sg1
success: change accepted